Privacy Policy
This Privacy Policy explains how OAA Venture Limited ("we", "us", "our"), which operates Ewaade (the "Platform"), collects, uses, shares, and protects personal data. It applies to anyone who visits our website, books an appointment, places an order, lists services as a Provider, or otherwise interacts with the Platform.
1. Data controller
OAA Venture Limited is the data controller for personal data we collect about Customers and Platform visitors. For data submitted by Providers as part of their business listings (such as customer records they manage on their own client list), the Provider is the controller and we act as a processor on their behalf.
2. Information we collect
2.1 Information you provide
- Account data: name, email, password (hashed), phone number for Providers.
- Booking data: customer name, contact details, the service, date, time, and any notes you provide.
- Payment data: handled directly by our payment processors (Stripe, Paystack). We receive a tokenised reference and transaction status; we do not store full card numbers.
- Verification data: identity documents, business registration details, and similar information collected during KYC for Providers.
- Communications: messages sent through the Platform, support enquiries, and review content.
2.2 Information collected automatically
- Technical data: IP address, browser type, operating system, device identifiers, time zone, referrer.
- Usage data: pages visited, features used, interaction timestamps.
- Cookies and similar technologies: see our Cookie Policy.
2.3 Information from third parties
We may receive information from payment providers (transaction outcomes, risk signals), identity verification providers (KYC results), and from social or analytics services where you have authorised us to do so.
3. How we use personal data
- Provide, operate, and improve the Platform.
- Process bookings, payments, and refunds.
- Communicate with you about your account, bookings, and any customer-service issues.
- Send transactional and reminder emails (booking confirmations, reschedules, pickup reminders).
- Comply with legal, regulatory, and KYC obligations, including anti-fraud and anti-money-laundering checks.
- Detect, prevent, and investigate fraud, abuse, or security incidents.
- Enforce our Terms of Service and Acceptable Use Policy.
- Send marketing communications where you have consented (you can unsubscribe at any time).
4. Lawful bases (UK GDPR / EU GDPR)
We rely on the following lawful bases under UK and EU data protection law:
- Contract: to provide the Platform to Users and to fulfil bookings.
- Legal obligation: to comply with KYC, tax, anti-money-laundering, and other regulatory requirements.
- Legitimate interests: to operate, secure, and improve the Platform; to prevent fraud; and to communicate with Users about transactional matters. Where we rely on legitimate interests we balance those against your rights and freedoms.
- Consent: for non-essential cookies and marketing emails.
5. Sharing personal data
We share personal data with:
- Providers: When you book through the Platform, the relevant Provider receives the details needed to deliver the service (name, contact details, the booking specifics).
- Payment processors: Stripe and Paystack receive the data they need to process payments and refunds and to perform their own anti-fraud checks.
- Hosting and infrastructure: cloud hosting, transactional email, and similar service providers acting under contract with us.
- Identity verification providers for Provider KYC.
- Regulators, law enforcement, courts: where required by law or to protect our rights or those of others.
- Acquirers: if our business is sold or merged, in which case we will notify Users.
We do not sell personal data.
6. International transfers
Some of our service providers operate outside the UK and EEA. Where we transfer personal data outside the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or transfers to jurisdictions with adequacy decisions.
7. Data retention
We retain personal data only as long as needed for the purposes set out above and to comply with our legal obligations. Booking records are typically retained for at least 6 years for tax and accounting purposes. Account data is retained while the account is active and for a period after closure to handle disputes and meet regulatory requirements. Verification documents are retained for the duration of the business relationship plus the period required by anti-money-laundering laws.
8. Your rights
Subject to local law, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request erasure where there is no compelling reason for continued processing.
- Restrict or object to processing in certain circumstances.
- Request portability of data you provided to us.
- Withdraw consent at any time where we rely on it.
- Lodge a complaint with a supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk).
To exercise these rights, email privacy@ewaade.com. We may need to verify your identity before responding. We will respond within one month of receipt, or notify you if we need an extension.
9. Security
We use industry-standard technical and organisational measures to protect personal data, including transport encryption (HTTPS), encryption at rest where appropriate, access controls, and regular reviews. No method of transmission or storage is fully secure; if you suspect a security incident, contact privacy@ewaade.com immediately.
10. Children
The Platform is not intended for children under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us and we will delete it.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The version and effective date at the top of this page indicate when it was last updated. Material changes will be communicated as set out in our Terms of Service.
12. Contact
Privacy questions, data-subject requests, and complaints: privacy@ewaade.com.
OAA Venture Limited.